package com.paranoid.shiro04.controller;


import com.paranoid.shiro04.entity.User;
import com.paranoid.shiro04.service.UserService;
import com.paranoid.shiro04.utils.VerifyCodeUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

@Controller
@RequestMapping("user")
public class UserController {

    @Autowired
    private UserService userService;

    @PostMapping("login")
    public String login(String username, String password, String code, HttpSession session) {
        //在web环境下，只要在shiiro中配置了安全管理器就会自动往SecurityUtils中注入SecurityManager
        //比较验证码
        String code1 = (String) session.getAttribute("code");
        try {
            if (code1.equalsIgnoreCase(code)) {
                //获取主体对象
                Subject subject = SecurityUtils.getSubject();
                subject.login(new UsernamePasswordToken(username, password));
                return "redirect:/index.jsp";
            } else {
                throw new RuntimeException("验证码错误！");
            }
        } catch (UnknownAccountException e) {
            System.out.println("用户名不存在！");
            session.setAttribute("error","用户名不存在！");
        } catch (IncorrectCredentialsException e) {
            System.out.println("密码错误！");
            session.setAttribute("error","密码错误！");
        } catch (RuntimeException e){
//            e.printStackTrace();
//            System.out.println(e.getMessage());
            System.out.println("验证码错误");
            session.setAttribute("error","验证码错误！");
        }


        return "redirect:/login.jsp";
    }

    /**
     * 退出登录
     */
    @RequestMapping("logout")
    public String logout() {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        return "redirect:/login.jsp";
    }


    @RequestMapping("register")
    public String register(User user) {

        try {
            userService.register(user);
            return "redirect:/login.jsp";
        } catch (Exception e) {
            e.printStackTrace();
            return "redirect:/register.jsp";
        }
    }

    @RequestMapping("save")
    //@RequiresRoles("admin")     判断角色
    @RequiresRoles(value = {"admin", "user"})     //判断角色  必须同时具有当前的所有角色
    @RequiresPermissions("user:update:01")//判断权限字符串
    public String save() {
        Subject subject = SecurityUtils.getSubject();
        if (subject.hasRole("admin")) {
            System.out.println("保存订单");
            return "redirect:/index.jsp";
        } else {
            System.out.println("无权限访问");
        }
        return null;
    }

    /**
     * 验证码方法
     */
    @RequestMapping("getImage")
    public void getImage(HttpSession session, HttpServletResponse response) throws IOException {
        //生成验证码
        String code = VerifyCodeUtils.generateVerifyCode(4);
        //将验证码放入session
        session.setAttribute("code", code);
        //验证码放到对应的图片位置
        ServletOutputStream os = response.getOutputStream();
        response.setContentType("image/png");
        VerifyCodeUtils.outputImage(220, 60, os, code);

    }


}
